MAIN MENU

Security & compliance

Upholding the highest standards to protect your data and ensure trust.

DEVO-2026-0018

Remote Desktop Manager is affected by multiple vulnerabilities.

Affected Products

Remote Desktop Manager
2026.2.8.0 and earlier

Change Log

Initial publication - 2026-06-12

Command injection in SSH Elevate Shell

5.2 Medium - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted alternate username and user interaction with the Elevate Shell action.

CVE(s)

CVE-2026-12161

Remediation and Workarounds

Upgrade to Devolutions Remote Desktop Manager 2026.2.8.0 or higher.

Improper host validation in social login autofill

2 Low - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose stored social login credentials via a crafted web entry pointing to a provider lookalike domain.

CVE(s)

CVE-2026-12162

Remediation and Workarounds

Upgrade to Devolutions Remote Desktop Manager 2026.2.9.0 or higher.